Crack WPA2 (.hc22000 file) with list not completing

[v71221]

@ZerBea
Here is more information about Windows, Hosted Network and PMKID.

I have found that

• Windows 7 sends PMKID
  
• Windows 8 sends PMKID
  
• Windows 10 doesn't send
  
• Windows 11 doesn't send
  

Funny, but Windows 7 and 8 send different PMKIDs. Both are calculated incorrectly. This leads to a Hashcat Status of Exhausted, not Cracked.

Windows 7

Code:

TIME    FREQ/CH  MAC_DEST    MAC_SOURCE  ESSID [FRAME TYPE]
12:28:31 2412/1  020000000020 020000000001 ap01 [PMKID:f8dc238fb156874627b5ff251b8ab53c KDV:2]
12:28:31 2412/1  020000000020 020000000001 ap01 [EAPOL:M1M2 EAPOLTIME:18142 RC:0 KDV:2 PSK:12345678]

Windows 8

Code:

12:42:34 2412/1  020000000020 020000000001 ap01 [PMKID:6faf75249e6dcaa15d4b8a68a941fe54 KDV:2]
12:42:34 2412/1  020000000020 020000000001 ap01 [EAPOL:M1M2 EAPOLTIME:18275 RC:0 KDV:2 PSK:12345678]

The correct PMKID, as you mentioned, is ca5396d611cf330aebefd48ebbfb0e63

I prefer to use the older version of Hashcat (v5.1.0) because it runs much faster on my 10-year-old laptop than the newest version (v6.2.5)

it takes about 5 seconds

Code:

hashcat64.exe  -D 1  -a 3  -m 16800  "ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031"  "12345678"

it takes about 16 minutes

Code:

hashcat.exe  -D 1  -a 3  -m 22000  "WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***"  "12345678"

P.S.
I tested

• Windows 7 Enterprise
  
• Windows 8 Single Language
  
• Windows 10 Enterprise (Version 21H1)
  
• Windows 11 Enterprise (Version 21H2)
  

With the wireless Hosted Network, a Windows computer can use a single physical wireless adapter to connect as a client to a hardware access point (AP), while at the same time acting as a software AP allowing other wireless-capable devices to connect to it.
https://docs.microsoft.com/en-us/windows...ed-network
https://docs.microsoft.com/en-us/windows...on-sharing